Rules Reference

Detects files exceeding recommended line count.

Detects files with too many responsibilities — the "does everything" file.

Detects barrel/index files with excessive re-exports that kill tree-shaking.

Detects circular import chains between modules via DFS graph traversal.

Detects code that mixes UI, data fetching, and business logic layers.

Detects exported functions, types, and variables that are never imported anywhere.

Detects duplicate code blocks across files using sliding window hashing.

Detects code patterns that hurt readability: long functions, too many params, magic numbers.

Detects async operations and API calls without proper error handling.

Detects projects with no tests, low coverage, empty tests, or trivial assertions.

Detects mixed coding styles: camelCase vs snake_case, quotes, semicolons.

Detects mixed coding patterns: styling approaches, state management, async patterns.

Detects outdated JS/TS patterns: var, .then() chains, class components, CommonJS.

Detects packages in package.json that are never imported in source code.

Detects multiple packages serving the same purpose (e.g., axios + fetch, jest + vitest).

Detects API keys, tokens, passwords, and connection strings in source code.

Detects signs of unreviewed AI-generated code: console.log, generic names, obvious comments.

Detects unresolved TODO, FIXME, HACK, and XXX comments — unfinished work that shipped.

Detects SQL injection, eval(), CORS wildcards, XSS vectors, and insecure crypto.

Detects missing Terms of Service, Privacy Policy, cookie consent, and account deletion.

Detects accessibility anti-patterns: missing alt text, non-semantic handlers, unlabeled inputs.

Detects missing tsconfig, linter, .gitignore, .env.example, and other project standards.

Detects generic titles, missing meta tags, default favicon, no 404 page.

Detects React patterns that cause unnecessary re-renders. Disabled by default (noisy).